Policy Rule Types
4.2 (EoS)

A complete endpoint security policy comprises policies
that target specific methods of protection. The rules that make
up each of these policies enable you to enforce protection, manage
Traps settings, and take action on your endpoints. You can configure
rules that target specific objects or that take effect when they
match specific conditions and, together, these rules help to secure
the endpoints in your organization.

The following table describes the types of policies you can configure
in the ESM Console:

Policy | Description |
---|---|
Malware protection | Malware protection rules use protection modules to block common behavior initiated by malicious executable files. Each rule in the malware protection policy specifies the type of protection module used to block suspicious actions. The rule can also include a whitelist that specifies exceptions to the rule. For more information, see Malware Protection Rules. |
Exploit protection | Exploit protection rules determine the method of protection for processes that run on your endpoints. Each rule in the exploit prevention policy specifies the type of protection modules used to protect processes. For more information, see Exploit Protection Rules. |
Restrictions | Restriction rules limit the scope of an attack by specifying where and how executable files launched on Windows endpoints can run. For more information, see Restriction Rules. |
WildFire | WildFire rules enable pre- and post-prevention analyses of executable files and macros by sending unknown files to the public or private WildFire cloud. For more information, see Configure a WildFire Rule. |
Forensics | Forensics rules enable you to set preferences about memory dump and forensic file collection. For more information, see Forensics Rules. |
Agent settings | Agent settings rules enable you to change the values of Traps agent settings related to logging, heartbeat frequency, and console accessibility. For more information, see Traps Agent Settings Rules. |
Action | Action rules allow you to perform administrative activities on endpoints. The one-time management actions include uninstalling and upgrading Traps, updating licenses, protecting the Traps software, and clearing data files. For more information, see Traps Action Rules. |